Ethereum 2.0 Specification Audit Identifies Potential Vulnerabilities

Least Authority, an information security company, audited Ethereum specifications at the request of the Ethereum Foundation 2.0 and identified several potential vulnerabilities at once.

Least Authority reported to developersit is necessary to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block offer system. At the same time, the auditor noted that the specifications are "very well thought out and competent." However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.

Also information security expertsemphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that on the blockchains,working on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Selecting the only secret leader" (SSLE).

As for the peer-to-peer exchange system, herethere is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.

Recall that in February, the co-founder of EthereumVitalik Buterin spoke about plans for the deployment of Ethereum 2.0 and explained that the launch of phase 0 remains the main development priority during this year.